Introduction to Postfix

The Postfix package contains a Mail Transport Agent (MTA). This is useful for sending email to other users of your host machine. It can also be configured to be a central mail server for your domain, a mail relay agent or simply a mail delivery agent to your local Internet Service Provider.

This package is known to build and work properly using an LFS 12.1 platform.

Package Information

Postfix Dependencies



ICU-74.2 for Email Address Internationalization (SMTPUTF8) support, MariaDB-10.11.7 or MySQL, OpenLDAP-2.6.7, pcre2-10.42 (or the deprecated PCRE-8.45), PostgreSQL-16.2, SQLite-3.45.1, Berkeley DB (deprecated), and CDB or TinyCDB

Note that SQLite, MySQL, PostgreSQL and CDB are only useful if there is a known need for them.

Editor Notes:

Installation of Postfix

Adding Users and Groups

Before you compile the program, you need to create users and groups that will be expected to be in place during the installation. Add the users and groups with the following commands issued by the root user:

groupadd -g 32 postfix &&
groupadd -g 33 postdrop &&
useradd -c "Postfix Daemon User" -d /var/spool/postfix -g postfix \
        -s /bin/false -u 32 postfix &&
chown -v postfix:postfix /var/mail

Configuring the Build

The README files are formatted to be read with a pager like less or more. If you want to use a text editor, make them legible with the following sed:

sed -i 's/.\x08//g' README_FILES/*

The Postfix source tree does not contain a configure script, rather the makefile in the top-level directory contains a makefiles target that regenerates all the other makefiles in the build tree. If you wish to use additional software such as a database back-end for virtual users, or TLS/SSL authentication, you will need to regenerate the makefiles using one or more of the appropriate CCARGS and AUXLIBS settings listed below.



For all variants of the CCARGS you should ensure that -DNO_NIS is specified so that the build does not attempt to access an rpcsvc header which do not exist in BLFS. If Berkeley DB (deprecated) is not installed, -DNO_DB needs to be specified as well.

For more details read the readme files.


To use Cyrus-SASL with Postfix, use the following arguments:

        -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"

To use LMDB with Postfix, use the following arguments:


To use OpenLDAP with Postfix, use the following arguments:

AUXLIBS_LDAP='-lldap -llber'

To use Sqlite with Postfix, use the following arguments:

AUXLIBS_SQLITE='-lsqlite3 -lpthread'

To use MySQL with Postfix, use the following arguments:

CCARGS='-DNO_NIS -DNO_DB -DHAS_MYSQL -I/usr/include/mysql'
AUXLIBS_MYSQL='-lmysqlclient -lz -lm'

To use PostgreSQL with Postfix, use the following arguments:

CCARGS='-DNO_NIS -DNO_DB -DHAS_PGSQL -I/usr/include/postgresql'
AUXLIBS_PGSQL='-lpq -lz -lm'

To use CDB or TinyCDB with Postfix, use the following arguments:

StartTLS Authentication

To use OpenSSL with Postfix, use the following arguments:

CCARGS='-DNO_NIS -DNO_DB -DUSE_TLS -I/usr/include/openssl/'
AUXLIBS='-lssl -lcrypto'

Installing Postfix

Adjust the following according to your needs. For example, if you have Cyrus SASL and LMDB, install Postfix by running the following commands:

make CCARGS="-DNO_NIS -DNO_DB -DUSE_TLS -I/usr/include/openssl/    \
             -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  \
             -DHAS_LMDB"                                           \
     AUXLIBS="-lssl -lcrypto -lsasl2"                              \
     AUXLIBS_LMDB="-llmdb"                                         \
     makefiles &&

This package does not come with a useful test suite.

Now, as the root user:

sh postfix-install -non-interactive \
   daemon_directory=/usr/lib/postfix \
   manpage_directory=/usr/share/man \
   html_directory=/usr/share/doc/postfix-3.8.5/html \

Command Explanations

make makefiles: This command rebuilds the makefiles throughout the source tree to use the options contained in the CCARGS and AUXLIBS variables.

sh postfix-install -non-interactive: This keeps the install script from asking any questions, thereby accepting default destination directories in all but the few cases. If the html_directory and readme_directory options are not set then the documentation will not be installed.

CCARGS="-DNO_EAI ...": this will turn off SMTPUTF8 support, for example if the rest of your email address infrastructure cannot handle UTF-8 email addresses and message header values.

Configuring Postfix

Config Files

/etc/aliases, /etc/postfix/, and /etc/postfix/

Configuration Information

Create (or append to an existing) /etc/aliases with the following command. Change <LOGIN> to your non-root login identity so mail addressed to root can be forwarded to you. As the root user:

cat >> /etc/aliases << "EOF"
# Begin /etc/aliases

MAILER-DAEMON:    postmaster
postmaster:       root

root:             <LOGIN>
# End /etc/aliases

To protect an existing /etc/aliases file, the above command appends these aliases to it if it exists. This file should be checked and duplicate aliases removed, if present.

The BLFS editors recommend to use LMDB instead of Berkeley DB for Postfix tables. Add three lines into /etc/postfix/ to make postmap encode the lookup tables in the LMDB format by default and to change the default hash setting of the alias tables:

echo 'default_database_type = lmdb'       >> /etc/postfix/ &&
echo 'alias_database = lmdb:/etc/aliases' >> /etc/postfix/ &&
echo 'alias_maps = lmdb:/etc/aliases'     >> /etc/postfix/

To protect your server against the recent SMTP smuggling attacks, additional steps are required. Add two lines into /etc/postfix/ to disconnect remote SMTP clients that send bare newlines in the DATA section, while also allowing clients on your network with non-standard SMTP implementations to still send mail:

echo 'smtpd_forbid_bare_newline = normalize' >> /etc/postfix/ &&
echo 'smtpd_forbid_bare_newline_exclusions = $mynetworks' >> /etc/postfix/

Note that if you are following an online tutorial to configure Postfix, the tutorial may refer to a lookup table with hash:/path/to/lookup_table. You should replace hash with lmdb in order to use a lookup table encoded in the LMDB format.



The /etc/postfix/ and /etc/postfix/ files must be personalized for your system. The file needs your fully qualified hostname. You will find that is self documenting, so load it into your editor to make the changes you need for your situation.



Postfix can also be set up to run in a chroot jail. See the file in the source examples/chroot-setup/LINUX2 for details.

To ensure that all permissions are set properly, postfix provides a tool which is to be run as the root user:

/usr/sbin/postfix -c /etc/postfix set-permissions

If you have an existing configuration, you can run the postfix utility to add any necessary definitions to your existing files. As the root user:

/usr/sbin/postfix upgrade-configuration

Before starting Postfix, you should check that your configuration and file permissions will work properly. Run the following commands as the root user to check and start your Postfix server:

/usr/sbin/postfix check &&
/usr/sbin/postfix start

Systemd Unit

To automate the running of Postfix at startup, install the postfix.service unit included in the blfs-systemd-units-20240205 package:

make install-postfix


Installed Programs: mailq (symlink), newaliases (symlink), postalias, postcat, postconf, postdrop, postfix, postkick, postlock, postlog, postmap, postmulti, postqueue, postsuper, and sendmail
Installed Libraries: None
Installed Directories: /{etc,usr/lib}/postfix, /usr/share/doc/postfix-3.8.5 and /var/{lib,spool}/postfix

Short Descriptions


A symlink to sendmail


A symlink to sendmail


is a utility for Postfix alias database maintenance


Prints the contents of files from the Postfix queue in human readable format


Displays or changes the value of Postfix configuration parameters


Creates a file in the maildrop directory and copies its standard input to the file


is the Postfix control program


Sends requests to the specified service over a local transport channel


Locks a mail folder for exclusive use, and executes commands passed to it


A Postfix-compatible logging interface for use in, for example, shell scripts


Creates or queries one or more Postfix lookup tables, or updates an existing one


is the Postfix multi-instance manager. It allows a system administrator to manage multiple Postfix instances on a single host


The Postfix user interface for queue management


The Postfix user interface for superuser queue management


is the Postfix to Sendmail compatibility interface